Oracle recently released a security alert (CVE-2012-1675) warning of a possible “Oracle TNS Listener Poison Attack”. There is no real fix, but there are a number of workarounds that you can use to protect your listeners against unauthorised hijacking.

One of the workarounds involves turning off dynamic registration of database instances by the listener service. However, this workaround can only be used for stand-alone, non-RAC installations. For RAC, you can implement secure transports, which are explained in My Oracle Support document 1453883.1 (if you have access to Oracle support).

Dynamic registration is turned on by default in Oracle 11g. To turn it off, you need to modify two things in your $ORACLE_HOME/network/listener.ora file:

First, you need to add a description for every database instance that the listener will handle. If you fail to do this, clients trying to connect will receive “ORA-12154: TNS:could not resolve the connect identifier specified” errors once dynamic registration is turned off.
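A pre-flight check for this step, as an added example that is not part of the original post: it parses a listener.ora and reports which expected SIDs lack a static `SID_DESC` entry, so you can confirm coverage before dynamic registration goes off. The listener name `LISTENER`, the SID names, host and paths are constructed placeholders, and the `DYNAMIC_REGISTRATION_<listener_name>` parameter it looks for is taken from Oracle Net's listener.ora reference, not from the text above.

```python
import re

# Constructed sample listener.ora; host, SID and paths are placeholders.
SAMPLE = """\
LISTENER =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example.com)(PORT = 1521)))

SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC =
      (GLOBAL_DBNAME = orcl.example.com)
      (ORACLE_HOME = /u01/app/oracle/product/11.2.0/dbhome_1)
      (SID_NAME = orcl)))
# DYNAMIC_REGISTRATION_LISTENER = OFF
"""

def top_level_params(text):
    """Return {NAME: value} for each top-level entry, tracking paren depth."""
    params, buf, depth = {}, "", 0
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        buf += line
        depth += line.count("(") - line.count(")")
        if depth == 0 and not buf.endswith("="):  # entry is complete
            name, _, value = buf.partition("=")
            if value:
                params[name.strip().upper()] = value.strip()
            buf = ""
    return params

def audit(text, listener, expected_sids):
    """Check static registration coverage for one listener."""
    params = top_level_params(text)
    sid_list = params.get("SID_LIST_" + listener.upper(), "")
    static = {s.upper() for s in
              re.findall(r"\(\s*SID_NAME\s*=\s*([^\s)]+)\s*\)", sid_list, re.I)}
    missing = sorted(s for s in expected_sids if s.upper() not in static)
    dyn = params.get("DYNAMIC_REGISTRATION_" + listener.upper(), "ON")
    return {"missing_static": missing,
            "dynamic_registration_off": dyn.upper() == "OFF",
            "safe_to_disable": not missing}

if __name__ == "__main__":
    print(audit(SAMPLE, "LISTENER", ["orcl", "testdb"]))
```

A non-empty `missing_static` list means those instances would become unreachable through this listener once dynamic registration is off.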